Intel’s Newest Cascade Lake Chips Hit By New ‘Zombieload’ Flaw

A new variant of Zombieload targeting Intel’s new Cascade Lake processors forced the chipmaker to release a patch Tuesday.


Security researchers have discovered a flaw in Intel’s new Xeon Cascade Lake family of chips that could be used to steal sensitive data directly from the processor.

Intel released microcode updates on Nov. 12 to address the issue, which stems from a new variant of Zombieload. The new Zombieload flaw, which Intel calls Transactional Asynchronous Abort (TAA), can give hackers with physical access to a device the ability to read sensitive data stored in the processor.

Santa Clara, Calif.-based Intel has confirmed that its new chips are vulnerable to the newest Zombieload flaw.

“The TAA mitigation provides the ability to clear stale data from microarchitectural structures through use of a VERW instruction on processors that already have hardware-based mitigations for MDS [microarchitectural data sampling],” said Jerry Bryant, director of security communication for Intel’s Platform Assurance and Security Group, in a security update blog post Tuesday.

“It also provides system software the means to disable [TAA] for customers who do not use this functionality. We believe that the mitigations for TAA and MDS substantively reduce the potential attack surface,” said Bryant. “Shortly before this disclosure, however, we confirmed the possibility that some amount of data could still be inferred through a side-channel using these techniques [for TAA, only if TSX is enabled] and will be addressed in future microcode updates.”
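As an added example (not from Intel or the original article), here is one way to check which of the two mitigations Bryant describes, VERW buffer clearing or disabling TSX, is active on a machine. It assumes a Linux host, where the kernel reports TAA status in the sysfs file named in the code; the host names and sample inventory are constructed.

```python
from pathlib import Path
# Assumption: Linux host. The kernel reports TAA status in this sysfs file.
SYSFS = Path("/sys/devices/system/cpu/vulnerabilities/tsx_async_abort")

# Status strings printed by the Linux kernel, mapped to short state names.
STATES = {
    "Not affected": "not_affected",
    "Mitigation: TSX disabled": "tsx_disabled",
    "Mitigation: Clear CPU buffers": "verw_clearing",
    "Vulnerable: Clear CPU buffers attempted, no microcode": "needs_microcode",
    "Vulnerable": "unmitigated",
}
PROBLEMS = {
    "unmitigated": "no TAA mitigation active",
    "needs_microcode": "VERW clearing attempted without updated microcode",
    "unknown": "unrecognised status string",
}

def parse_taa_status(line):
    """Return (state, smt); smt is None when the kernel reports no SMT field."""
    head, _, tail = line.strip().partition(";")
    state = STATES.get(head.strip(), "unknown")
    smt = tail.strip().removeprefix("SMT ") or None
    return state, smt

def findings(line):
    # An empty list means nothing needs attention for this status line.
    state, smt = parse_taa_status(line)
    out = [PROBLEMS[state]] if state in PROBLEMS else []
    if state == "verw_clearing" and smt == "vulnerable":
        out.append("SMT active: kernel reports cross-thread exposure")
    if smt == "Host state unknown":
        out.append("guest VM: host SMT state not visible")
    return out

# Constructed sample inventory: hostname -> contents of the sysfs file.
SAMPLE = {
    "web-01": "Mitigation: TSX disabled\n",
    "db-02": "Mitigation: Clear CPU buffers; SMT vulnerable\n",
    "vm-03": "Vulnerable: Clear CPU buffers attempted, no microcode; SMT Host state unknown\n",
    "old-04": "Vulnerable\n",
    "new-05": "Not affected\n",
}
def audit(inventory):
    # Keep only hosts that have at least one finding.
    return {host: f for host, line in inventory.items() if (f := findings(line))}

if __name__ == "__main__":
    local = {"localhost": SYSFS.read_text()} if SYSFS.exists() else {}
    for host, issues in audit({**SAMPLE, **local}).items():
        print(host, issues)
```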

The new variant of Zombieload is closely related to an MDS attack, which targets components used for fast reads/writes of information processed inside the CPU like the load, store and line fill buffers. It can be triggered in PCs, laptops and virtual machines, meaning that the cloud is vulnerable as well.

Nearly every computer dating back to 2011 with an Intel chip is affected by Zombieload, according to Intel. Researchers said other vulnerabilities in the same family as Zombieload, such as Fallout, do not work on Intel’s Cascade Lake.

In addition, researchers said flaws like Zombieload could be exploited to see which websites a person is visiting in real time. The vulnerability could also be repurposed to obtain passwords or access tokens for a victim's online accounts.